DNS Lookups going to Google DNS even though I have OpenDNS configured?



  • I have put OpenDNS servers as my DNS servers as you can see below:

    However I'm still seeing DNS requests coming from my server (unRAID running Plex and various other Dockers) going to Google DNS.

    I'm assuming I somewhere in the past configured 8.8.8.8 and 8.8.4.4 as my DNS servers but I can't seem to find it anywhere.  The only place I see that 8.8.8.8 and 8.8.4.4 were configured is on my wireless AP that I used to use as my home router (DD-WRT) and now just acts as an AP but my server is not connected to that AP anyway.

    Could it be cached DNS?


  • LAYER 8 Netgate

    What are you giving to your clients via DHCP?  What are the DNS servers configured on client 192.168.4.208?



  • @Derelict:

    What are you giving to your clients via DHCP?  What are the DNS servers configured on client 192.168.4.208?

    I have no DNS configured in DHCP so it should be using the default.  The static DNS server on 192.168.4.208 is 192.168.4.1 (LAN IP/gateway of pfSense) but I've also tried putting in the OpenDNS server IPs there as well to no avail.



  • Is it possible that there is an application running on .208 that is doing the resolving for whatever reason, like a DNS benchmark for instance?


  • LAYER 8 Netgate

    Dude.  Those logs say 192.168.4.208 is making requests to google's 8.8.8.8 and 8.8.4.4. and they are being blocked by the rules on the LAN interface.



  • @KOM:

    Is it possible that there is an application running on .208 that is doing the resolving for whatever reason, like a DNS benchmark for instance?

    Nope, I have nothing that would do any resolving running on .208.  It's a linux storage box that just has a few Dockers running (like Plex and a few others but nothing that has any DNS configured).

    @Derelict:

    Dude.  Those logs say 192.168.4.208 is making requests to google's 8.8.8.8 and 8.8.4.4. and they are being blocked by the rules on the LAN interface.

    That's correct, I purposely am blocking them.  The question is why are they making requests to Google?


  • LAYER 8 Netgate

    That is a great question for the makers of that box.  it has nothing to do with pfSense.



  • @Derelict:

    That is a great question for the makers of that box.  it has nothing to do with pfSense.

    I wasn't blaming pfsense I was just looking for some insight from others running pfsense.  Being that I'm pretty new to pfsense I wasn't sure if I misconfigured something on it.  But I'll look more closely at my server now.


  • LAYER 8 Netgate

    dig/drill are your friends

    On 192.168.4.208:

    You can selectively do DNS queries to various servers:

    dig @8.8.8.8 www.google.com
    dig @192.168.4.1 www.google.com



  • It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.




  • @KOM:

    It could also be something as simple as someone running nslookup from the command line and then specifying the Google DNS.

    I would but it's a linux box.  And the dig/drill commands don't appear to be present.

    It looks like it's an issue with one of my dockers though so I'm looking into that.



  • I would but it's a linux box.

    cough



  • LAYER 8 Global Moderator

    "I would but it's a linux box.  And the dig/drill commands don't appear to be present."

    Well then install them..  What linux distro are you using that nslookup is not installed?

    Last login: Wed Jul  8 12:02:03 2015 from 10.0.8.6
    user@ubuntu:~$ nslookup



  • @johnpoz:

    "I would but it's a linux box.  And the dig/drill commands don't appear to be present."

    Well then install them..  What linux distro are you using that nslookup is not installed?

    Last login: Wed Jul  8 12:02:03 2015 from 10.0.8.6
    user@ubuntu:~$ nslookup

    It's an unRAID server which is built off Slackware.  But I've determined it's definitely an issue with a particular Docker.  I see the nameserver's listed as the Google DNS servers in the Docker's log so it's not even really a Linux issue.



  • But I've determined it's definitely an issue with a particular Docker.

    For me, playing detective is the funnest part of the job.


Log in to reply